Bybit Loses Billions In ETH to Lazarus Hackers But No Ethereum Rollback Will Occur

News Tony Severino • 24 Feb 2025 • 7 min read

On Friday, February 21, the UAE-based crypto exchange Bybit was hacked. Hit with a devastating exploit, it lost roughly $1.4 billion worth of Ethereum from its wallets. Experts have concluded that this hack was likely the work of the infamous North Korean hacking group dubbed Lazarus. Over the past years, it has been suspected of many high-profile crypto hacks of major exchanges.

Bybit suffers EVM contract hack

Bybit CEO Ben Zhou confirmed the loss of a whopping 401,000 ETH by the exchange soon after the exploit was detected and various blockchain trackers started tracing the stolen coins. Experts revealed that the hackers managed to exploit a vulnerability in an Ethereum Virtual Machine (EVM) contract on Bybit, which allowed the cyber criminals to get hold of the funds fairly quickly.

In the past, the EVM, which is a decentralized computer that powers Ethereum and its smart contracts’ execution, has been a target for various exploits in the past. Therefore, the fact of Bybit getting hacked by the North Korean group has sparked concerns about its security and that of smart contracts running on it.

In the wake of this large-scale exploit, other major exchanges, such as Binance, Bitget, and others, have collectively provided loans of more than $318,846,424 in Ethereum to ensure the hacked crypto exchange has enough liquidity to work with to effectively continue its operations and avoid risks of insolvency. Meanwhile, Ethereum enthusiasts raised their heads to remind about the importance of self-custody, adding to that the old crypto saying – “not your keys, not your coins” – to stress that holding ones cryptocurrencies on exchanges always bears significant risks of losing them.

Ethereum team refuses to perform a rollback

The news of the Bybit hack spread like wildfire, Bitcoin maximalists began issuing X posts. They began to call for the Ethereum team to make a rollback in order to reverse the funds stolen by the hackers. Some maxis made it mockingly, some perhaps more seriously. Some called for a rollback stating that they do not wish North Korea adding $1.4 billion in Ethereum to its nuclear weapons program. Others just commented on the Bybit hack, praising Bitcoin and slamming Ethereum as a vulnerable and unsecure platform unlike Bitcoin.

The idea of rolling back the Ethereum chain goes back to the 2016 DAO hack, when the decentralized autonomous organization lost roughly $60 million in ETH and to restore that loss, Ethereum developers performed a rollback in the form of a hardfork. As a result of that chain-split, Ethereum Classic (ETC) forked from Ethereum, since part of the developers disagreed to the idea of forking and continued maintaining the original version of Ethereum.

This time, however, core Ethereum developers rejected the idea of a rollback. In particular, Tim Beiko stated that the hackers did not exploit the Ethereum protocol itself and the transaction performed by hackers is no different from any other legitimate transactions on the network. Therefore, there is no need for a rollback, he insisted.

Other Ethereum experts and supporters raised hot debates, saying that risks related to smart contracts are an integral part of blockchain innovation. Besides, they claimed that the Ethereum ecosystem is constantly evolving to improve its security and eliminate any possible issues of this kind. Aside from that, calls for implementing stronger cybersecurity measures, including stricter auditing of smart contracts by exchanges were initiated in the wake of the shameless hacker attack. Some called for better risk-management practices on crypto exchanges and for implementing more sophisticated multi-signature wallets and security practices to prevent such exploits from happening in the future

Bybit announces $140 million bounty program

The Bybit CEO Ben Zhou mentioned on X that the hackers have been converting some of the stolen ETH into Bitcoin using various bridges, including Chainflip. He urged those crypto bridges’ teams to block the stolen funds and help Bybit to retrieve them. Traditionally, as was noticed before, Lazarus Group prefers to leverage crypto mixing services, as well as decentralized exchanges, and even NFT markets to cash out stolen crypto.

Bybit has now announced a bounty program offering roughly 10% of the lost funds (which is roughly $140 million in crypto) to those who will help the exchange to recover the stolen Ethereum.
By now, more than $43 million in ETH has been recovered. That was possible thanks to the collaboration of Bybit with the SEAL and Mantle teams, according to the chief information security officer at Polygon Mudit Gupta.

Besides, Tether has frozen $181,000 in USDT on addresses related to the hack. Tether CEO Paolo Ardoino admitted that this amount was rather small but he said that it was “honest work” and stressed the importance of collaboration of major industry players in the face of this hacker attack against a large crypto market participant. For a safer way to buy crypto, Margex offers a secure option.

Buy Crypto

USD

No options

AUD

Australian Dollar

CAD

Canadian Dollar

EUR

Euros

GBP

Pound Sterling

USD

US Dollar

BTC

No options

AVAX

Avalanche

BUSD

Binance USD

BTC

Bitcoin

BNB

Binance coin

LINK

ChainLink

DAI

Dai

ETH

Ethereum

LTC

Litecoin

SOL

Solana

USDT

Tether

TRX

Tron

TUSD

TrueUSD

USDC

USD Сoin

USDD

WBTC

Wrapped Bitcoin

Buy BTC

The final amount may differ from the displayed values